Lucene search
K

245 matches found

Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.10 views

MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study

LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.10 views

Agentic Fuzzing: Opportunities and Challenges

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.11 views

Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution

Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model LLM agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/07 8:22 p.m.14 views

When prompts become shells: RCE vulnerabilities in AI agent frameworks

In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...

9.9CVSS6.6AI score0.02914EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.8 views

Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions

GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.14 views

Towards Agentic Investigation of Security Alerts

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

From Stateless Queries to Autonomous Actions: A Layered Security Framework for Agentic AI Systems

Agentic AI systems face security challenges that stateless large language models do not. They plan across extended horizons, maintain persistent memory, invoke external tools, and coordinate with peer agents. Existing security analyses organize threats by attack type prompt injection, jailbreakin...

5.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...

8.8CVSS5.6AI score0.00473EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/23 6:51 a.m.95 views

vlnr

vlnr: Autonomous Vulnerability Discovery Pipeline !Python 3...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/23 12:0 a.m.7 views

ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.8.4) +5026 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40974 Source advisory:...

9.8CVSS5.7AI score0.00182EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/23 12:0 a.m.12 views

ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.8.4) +5026 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...

9.1CVSS5.7AI score0.00157EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/21 9:14 a.m.105 views

PatchChain-Multi-Agent-Agentic-Pipeline-for-Autonomous-Code-Vulnerability-Analysis

No d...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.8 views

Towards Optimal Agentic Architectures for Offensive Security Tasks

Agentic security systems increasingly audit live targets with tool-using LLMs, but prior systems fix a single coordination topology, leaving unclear when additional agents help and when they only add cost. We treat topology choice as an empirical systems question. We introduce a controlled...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/15 11:30 a.m.7 views

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.4 views

Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval

Cyber threat intelligence CTI analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation RAG systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/11 9:54 p.m.11 views

Malicious code in unisys-agentic-ai-playground (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ec6c43f5a186c6e78aca52041174240070088e17078f1bcb9f63ac0d55f5f0 The package unisys-agentic-ai-playground was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/11 9:54 p.m.6 views

MAL-2026-2874 Malicious code in unisys-agentic-ai-playground (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ec6c43f5a186c6e78aca52041174240070088e17078f1bcb9f63ac0d55f5f0 The package unisys-agentic-ai-playground was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 7:0 p.m.19 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 7:0 p.m.19 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 8:13 p.m.7 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +504 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=1.0.0-RC3)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: OSV:GHSA-8JXR-PR72-R468...

7.6CVSS5.7AI score0.00136EPSS
Exploits0
Rows per page
Query Builder